WPsecure.net was formed from a conversation on IRC@freenode to provide the WordPress community specific security releases and info. Our goal is to disseminate the idea that WordPress itself is insecure by providing user guides and releasing plugin and theme exploits to encourage better coding standards.

  • We only list exploits that can be downloaded from the official wordpress.org site.
  • The specific exploit posts tie directly into the WordPress API for information, including version status to check if plugins have been patched, every 24-48 hours.
  • In most cases we do not list the actual exploit code itself and leave that to the official advisory.
  • We have only started listing exploits from 2011 onwards to coincide with the site release; please be aware that there are many exploits in the wild from previous years.

Our information is taken from various sources including Bugtraq, OSVDB, Secunia, Mitre, NIST, and the WordPress community.

*Note to plugin authors: in most cases we only publish exploits after a vendor notification time frame of 2-3 weeks.